diff --git a/config/v1/tests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml b/config/v1/tests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml
index 77ad4950fd9..b15fd097246 100644
--- a/config/v1/tests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml
+++ b/config/v1/tests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml
@@ -30,6 +30,81 @@ tests:
 aws:
 keyARN: arn:aws:kms:us-east-1:101010101010:key/9a512e29-0d9c-4cf5-8174-fc1a5b22cd6a
 region: us-east-1
+ - name: Should be able to create encrypt with KMS for AWS with aws-cn partition
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: APIServer
+ spec:
+ encryption:
+ type: KMS
+ kms:
+ type: AWS
+ aws:
+ keyARN: arn:aws-cn:kms:cn-north-1:101010101010:key/9a512e29-0d9c-4cf5-8174-fc1a5b22cd6a
+ region: cn-north-1
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: APIServer
+ spec:
+ audit:
+ profile: Default
+ encryption:
+ type: KMS
+ kms:
+ type: AWS
+ aws:
+ keyARN: arn:aws-cn:kms:cn-north-1:101010101010:key/9a512e29-0d9c-4cf5-8174-fc1a5b22cd6a
+ region: cn-north-1
+ - name: Should be able to create encrypt with KMS for AWS with aws-us-gov partition
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: APIServer
+ spec:
+ encryption:
+ type: KMS
+ kms:
+ type: AWS
+ aws:
+ keyARN: arn:aws-us-gov:kms:us-gov-east-1:101010101010:key/9a512e29-0d9c-4cf5-8174-fc1a5b22cd6a
+ region: us-gov-east-1
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: APIServer
+ spec:
+ audit:
+ profile: Default
+ encryption:
+ type: KMS
+ kms:
+ type: AWS
+ aws:
+ keyARN: arn:aws-us-gov:kms:us-gov-east-1:101010101010:key/9a512e29-0d9c-4cf5-8174-fc1a5b22cd6a
+ region: us-gov-east-1
+ - name: Should be able to create encrypt with KMS for AWS with aws-eusc partition
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: APIServer
+ spec:
+ encryption:
+ type: KMS
+ kms:
+ type: AWS
+ aws:
+ keyARN: arn:aws-eusc:kms:eusc-de-east-1:101010101010:key/9a512e29-0d9c-4cf5-8174-fc1a5b22cd6a
+ region: eusc-de-east-1
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: APIServer
+ spec:
+ audit:
+ profile: Default
+ encryption:
+ type: KMS
+ kms:
+ type: AWS
+ aws:
+ keyARN: arn:aws-eusc:kms:eusc-de-east-1:101010101010:key/9a512e29-0d9c-4cf5-8174-fc1a5b22cd6a
+ region: eusc-de-east-1
 - name: Should fail to create encrypt with KMS for AWS without region
 initial: |
 apiVersion: config.openshift.io/v1
@@ -98,7 +173,20 @@ tests:
 aws:
 keyARN: not-a-kms-arn
 region: us-east-1
- expectedError: "keyARN must follow the format `arn:aws:kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-)."
+ expectedError: "keyARN must follow the format `arn::kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-)."
+ - name: Should fail to create AWS KMS with invalid partition
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: APIServer
+ spec:
+ encryption:
+ type: KMS
+ kms:
+ type: AWS
+ aws:
+ keyARN: arn:aws-invalid:kms:us-east-1:101010101010:key/9a512e29-0d9c-4cf5-8174-fc1a5b22cd6a
+ region: us-east-1
+ expectedError: "keyARN must follow the format `arn::kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-)."
 - name: Should fail to create AWS KMS with empty region
 initial: |
 apiVersion: config.openshift.io/v1
diff --git a/config/v1/tests/dnses.config.openshift.io/AAA_ungated.yaml b/config/v1/tests/dnses.config.openshift.io/AAA_ungated.yaml
index f9b27c90c33..c72772b23d6 100644
--- a/config/v1/tests/dnses.config.openshift.io/AAA_ungated.yaml
+++ b/config/v1/tests/dnses.config.openshift.io/AAA_ungated.yaml
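Review bot: The negative coverage added in the second hunk of this file is a single case, `arn:aws-invalid:...`, which only shows that an unknown `aws-`-prefixed partition is rejected. Two more cases would pin the new alternation: an empty partition segment (`keyARN: arn::kms:us-east-1:101010101010:key/…`) and a wrong-case partition such as `arn:AWS-CN:kms:…`, both expecting the same `expectedError`. It would also help to add a case where the ARN's partition or region disagrees with the `region` field (for example an `aws-cn` ARN with `region: us-east-1`), so the suite records whether that combination is accepted; none of the positive cases in the first hunk exercise it.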
@@ -29,6 +29,57 @@ tests:
 type: AWS
 aws:
 privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
+ - name: Should be able to specify an AWS role ARN with aws-cn partition
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: DNS
+ spec:
+ platform:
+ type: AWS
+ aws:
+ privateZoneIAMRole: arn:aws-cn:iam::123456789012:role/foo
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: DNS
+ spec:
+ platform:
+ type: AWS
+ aws:
+ privateZoneIAMRole: arn:aws-cn:iam::123456789012:role/foo
+ - name: Should be able to specify an AWS role ARN with aws-us-gov partition
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: DNS
+ spec:
+ platform:
+ type: AWS
+ aws:
+ privateZoneIAMRole: arn:aws-us-gov:iam::123456789012:role/foo
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: DNS
+ spec:
+ platform:
+ type: AWS
+ aws:
+ privateZoneIAMRole: arn:aws-us-gov:iam::123456789012:role/foo
+ - name: Should be able to specify an AWS role ARN with aws-eusc partition
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: DNS
+ spec:
+ platform:
+ type: AWS
+ aws:
+ privateZoneIAMRole: arn:aws-eusc:iam::123456789012:role/foo
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: DNS
+ spec:
+ platform:
+ type: AWS
+ aws:
+ privateZoneIAMRole: arn:aws-eusc:iam::123456789012:role/foo
 - name: Should not be able to specify unsupported platform
 initial: |
 apiVersion: config.openshift.io/v1
@@ -50,7 +101,19 @@ tests:
 type: AWS
 aws:
 privateZoneIAMRole: arn:aws:iam:bad:123456789012:role/foo
- expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$'"
+ expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\\/.*$'"
+ - name: Should not be able to specify invalid AWS partition
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: DNS
+ metadata:
+ name: cluster
+ spec:
+ platform:
+ type: AWS
+ aws:
+ privateZoneIAMRole: arn:aws-invalid:iam::123456789012:role/foo
+ expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws-invalid:iam::123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\\/.*$'"
 - name: Should not be able to specify different type and platform
 initial: |
 apiVersion: config.openshift.io/v1
diff --git a/config/v1/types_dns.go b/config/v1/types_dns.go
index 06eb75ccf70..ed6b9737cce 100644
--- a/config/v1/types_dns.go
+++ b/config/v1/types_dns.go
@@ -134,7 +134,7 @@ type AWSDNSSpec struct {
 // privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing
 // operations on the cluster's private hosted zone specified in the cluster DNS config.
 // When left empty, no role should be assumed.
- // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$`
+ // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$`
 // +optional
 PrivateZoneIAMRole string `json:"privateZoneIAMRole"`
 }
diff --git a/config/v1/types_kmsencryption.go b/config/v1/types_kmsencryption.go
index 3293204fa4e..c36a583c9ea 100644
--- a/config/v1/types_kmsencryption.go
+++ b/config/v1/types_kmsencryption.go
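Review bot: The doc comment on privateZoneIAMRole still does not say which partitions are accepted, although the Pattern marker below it now hard-codes four of them and the keyARN comment in types_kmsencryption.go does list them. I would add `// The ARN must use one of the partitions aws, aws-cn, aws-us-gov or aws-eusc.` above the marker so the generated CRD descriptions carry it. Separately, the tail `role\/.*$` is left as it was and still accepts an empty role name and any characters after `role/`; since this ARN names a role that gets assumed, a bounded character class and a MaxLength would be worth a follow-up, subject to the project's rules for tightening validation on an existing field. The AWSDNSSpec struct begins outside the hunk.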
@@ -24,14 +24,15 @@ type KMSConfig struct {
 // AWSKMSConfig defines the KMS config specific to AWS KMS provider
 type AWSKMSConfig struct {
 // keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption.
- // The value must adhere to the format `arn:aws:kms:::key/`, where:
+ // The value must adhere to the format `arn::kms:::key/`, where:
+ // - `` is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc).
 // - `` is the AWS region consisting of lowercase letters and hyphens followed by a number.
 // - `` is a 12-digit numeric identifier for the AWS account.
 // - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.
 //
 // +kubebuilder:validation:MaxLength=128
 // +kubebuilder:validation:MinLength=1
- // +kubebuilder:validation:XValidation:rule="self.matches('^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$')",message="keyARN must follow the format `arn:aws:kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-)."
+ // +kubebuilder:validation:XValidation:rule="self.matches('^arn:(aws|aws-cn|aws-us-gov|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$')",message="keyARN must follow the format `arn::kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-)."
 // +required
 KeyARN string `json:"keyARN"`
 // region specifies the AWS region where the KMS instance exists, and follows the format
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
index 2e45da09e5b..bc2a2344fd1 100644
--- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
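Review bot: The widened rule on keyARN checks the partition and the region segment independently, and nothing visible in this hunk ties either of them to the sibling `region` field, so a value such as `arn:aws-cn:kms:us-east-1:…` paired with `region: cn-north-1` satisfies the keyARN rule. If no later component rejects that combination (not visible here), consider a struct-level rule on AWSKMSConfig, for example `// +kubebuilder:validation:XValidation:rule="self.keyARN.split(':')[3] == self.region",message="the region in keyARN must match region"`. The message also still describes the region as "lowercase hexadecimal characters" while the rule accepts `[a-z0-9-]+`, and it does not name the four accepted partitions, which would make the rejection exercised by the new invalid-partition test easier to act on. The AWSKMSConfig struct continues past the end of the hunk.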
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -177,7 +177,8 @@ spec: keyARN: description: |- keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. - The value must adhere to the format `arn:aws:kms:::key/`, where: + The value must adhere to the format `arn::kms:::key/`, where: + - `` is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc). - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens. @@ -185,11 +186,11 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: keyARN must follow the format `arn:aws:kms:::key/`. + - message: keyARN must follow the format `arn::kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-). - rule: self.matches('^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$') + rule: self.matches('^arn:(aws|aws-cn|aws-us-gov|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$') region: description: |- region specifies the AWS region where the KMS instance exists, and follows the format diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 23c43814428..10261435862 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml 
@@ -177,7 +177,8 @@ spec: keyARN: description: |- keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. - The value must adhere to the format `arn:aws:kms:::key/`, where: + The value must adhere to the format `arn::kms:::key/`, where: + - `` is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc). - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens. @@ -185,11 +186,11 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: keyARN must follow the format `arn:aws:kms:::key/`. + - message: keyARN must follow the format `arn::kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-). - rule: self.matches('^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$') + rule: self.matches('^arn:(aws|aws-cn|aws-us-gov|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$') region: description: |- region specifies the AWS region where the KMS instance exists, and follows the format diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses.crd.yaml index 06fb0be0b2d..4b3d6f5f55f 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses.crd.yaml 
@@ -71,7 +71,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml index 0a9b213ea67..6d49f582383 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml @@ -177,7 +177,8 @@ spec: keyARN: description: |- keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. - The value must adhere to the format `arn:aws:kms:::key/`, where: + The value must adhere to the format `arn::kms:::key/`, where: + - `` is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc). - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens. 
@@ -185,11 +186,11 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: keyARN must follow the format `arn:aws:kms:::key/`. + - message: keyARN must follow the format `arn::kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-). - rule: self.matches('^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$') + rule: self.matches('^arn:(aws|aws-cn|aws-us-gov|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$') region: description: |- region specifies the AWS region where the KMS instance exists, and follows the format diff --git a/config/v1/zz_generated.featuregated-crd-manifests/dnses.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/dnses.config.openshift.io/AAA_ungated.yaml index 23df9274c20..2e6737fcb5f 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/dnses.config.openshift.io/AAA_ungated.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/dnses.config.openshift.io/AAA_ungated.yaml @@ -72,7 +72,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go index 69fb37c5233..f7259943267 100644 --- a/config/v1/zz_generated.swagger_doc_generated.go +++ b/config/v1/zz_generated.swagger_doc_generated.go 
@@ -2327,7 +2327,7 @@ func (Storage) SwaggerDoc() map[string]string { var map_AWSKMSConfig = map[string]string{ "": "AWSKMSConfig defines the KMS config specific to AWS KMS provider", - "keyARN": "keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. The value must adhere to the format `arn:aws:kms:::key/`, where: - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.", + "keyARN": "keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. The value must adhere to the format `arn::kms:::key/`, where: - `` is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc). - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.", "region": "region specifies the AWS region where the KMS instance exists, and follows the format `--`, e.g.: `us-east-1`. Only lowercase letters and hyphens followed by numbers are allowed.", } diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-CustomNoUpgrade.crd.yaml index 24a77a81b54..fe65e894a35 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-CustomNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-CustomNoUpgrade.crd.yaml 
@@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml index a921ed5d346..fa296a900e6 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml index a8e3fcd21d6..680802b2d80 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml 
@@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml index 678e5a4202f..f2b0e5379f6 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml index 52f75fc841f..746a1998933 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml 
@@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml index 84456f16e83..1f8f6b2d3fb 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AWSClusterHostedDNSInstall.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AWSClusterHostedDNSInstall.yaml index d1ea29f18cb..19a8b127e53 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AWSClusterHostedDNSInstall.yaml 
+++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AWSClusterHostedDNSInstall.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AWSDualStackInstall.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AWSDualStackInstall.yaml index cae7f08b880..b092c85ea57 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AWSDualStackInstall.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AWSDualStackInstall.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AzureClusterHostedDNSInstall.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AzureClusterHostedDNSInstall.yaml index d7f4bc5505e..8cef47b9e26 100644 
--- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AzureClusterHostedDNSInstall.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AzureClusterHostedDNSInstall.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AzureDualStackInstall.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AzureDualStackInstall.yaml index b7231a9bc23..c7a0ce235ff 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AzureDualStackInstall.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/AzureDualStackInstall.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: 
diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/DualReplica.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/DualReplica.yaml index a4a49f28265..d175df02818 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/DualReplica.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/DualReplica.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/DyanmicServiceEndpointIBMCloud.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/DyanmicServiceEndpointIBMCloud.yaml index 825201f6698..ff6e055a39e 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/DyanmicServiceEndpointIBMCloud.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/DyanmicServiceEndpointIBMCloud.yaml 
@@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/GCPClusterHostedDNSInstall.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/GCPClusterHostedDNSInstall.yaml index b7aefb54f4d..96b30b33dce 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/GCPClusterHostedDNSInstall.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/GCPClusterHostedDNSInstall.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/HighlyAvailableArbiter+DualReplica.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/HighlyAvailableArbiter+DualReplica.yaml index a3619b08be1..dca5c8efed3 100644 
--- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/HighlyAvailableArbiter+DualReplica.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/HighlyAvailableArbiter+DualReplica.yaml @@ -129,7 +129,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/HighlyAvailableArbiter.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/HighlyAvailableArbiter.yaml index fbfcee89826..58d05a5c406 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/HighlyAvailableArbiter.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/HighlyAvailableArbiter.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: 
diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/NutanixMultiSubnets.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/NutanixMultiSubnets.yaml index c5a659d8ea4..3d2521ea277 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/NutanixMultiSubnets.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/NutanixMultiSubnets.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/OnPremDNSRecords.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/OnPremDNSRecords.yaml index f36c703ab25..fe0c47d2112 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/OnPremDNSRecords.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/OnPremDNSRecords.yaml 
@@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/VSphereHostVMGroupZonal.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/VSphereHostVMGroupZonal.yaml index 2a12b07f07c..a2e99482188 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/VSphereHostVMGroupZonal.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/VSphereHostVMGroupZonal.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/VSphereMultiNetworks.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/VSphereMultiNetworks.yaml index 27b3501b505..f1cca5757ae 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/VSphereMultiNetworks.yaml 
+++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/controllerconfigs.machineconfiguration.openshift.io/VSphereMultiNetworks.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 2c217f1303e..7a5a2078290 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -9200,7 +9200,7 @@ func schema_openshift_api_config_v1_AWSKMSConfig(ref common.ReferenceCallback) c Properties: map[string]spec.Schema{ "keyARN": { SchemaProps: spec.SchemaProps{ - Description: "keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. The value must adhere to the format `arn:aws:kms:::key/`, where: - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.", + Description: "keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. The value must adhere to the format `arn::kms:::key/`, where: - `` is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc). - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.", Default: "", Type: []string{"string"}, Format: "", 
diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index 2e45da09e5b..bc2a2344fd1 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -177,7 +177,8 @@ spec: keyARN: description: |- keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. - The value must adhere to the format `arn:aws:kms:::key/`, where: + The value must adhere to the format `arn::kms:::key/`, where: + - `` is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc). - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens. @@ -185,11 +186,11 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: keyARN must follow the format `arn:aws:kms:::key/`. + - message: keyARN must follow the format `arn::kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-). - rule: self.matches('^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$') + rule: self.matches('^arn:(aws|aws-cn|aws-us-gov|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$') region: description: |- region specifies the AWS region where the KMS instance exists, and follows the format diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 23c43814428..10261435862 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml 
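Review bot: The `message` in the second apiservers-CustomNoUpgrade hunk (`@@ -185,11 +186,11 @@`) never says which partitions are accepted, and it still describes the region as "lowercase hexadecimal characters and hyphens" while the rule's region class is `[a-z0-9-]+`. A keyARN rejected for an unsupported partition therefore gets an error that only talks about the account ID, region and key ID. I would add `The partition must be one of aws, aws-cn, aws-us-gov or aws-eusc.` to the message and reword the region part to "lowercase letters, digits and hyphens" so that it matches the rule. The same message is in the DevPreviewNoUpgrade manifest's hunk that follows; if these manifests are generated, the edit presumably belongs in the validation marker on the Go type, which is not visible here.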
+++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -177,7 +177,8 @@ spec: keyARN: description: |- keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. - The value must adhere to the format `arn:aws:kms:::key/`, where: + The value must adhere to the format `arn::kms:::key/`, where: + - `` is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc). - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens. @@ -185,11 +186,11 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: keyARN must follow the format `arn:aws:kms:::key/`. + - message: keyARN must follow the format `arn::kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-). - rule: self.matches('^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$') + rule: self.matches('^arn:(aws|aws-cn|aws-us-gov|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$') region: description: |- region specifies the AWS region where the KMS instance exists, and follows the format diff --git a/payload-manifests/crds/0000_10_config-operator_01_dnses.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_dnses.crd.yaml index 06fb0be0b2d..4b3d6f5f55f 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_dnses.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_dnses.crd.yaml 
@@ -71,7 +71,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-CustomNoUpgrade.crd.yaml index 24a77a81b54..fe65e894a35 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-CustomNoUpgrade.crd.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml index a921ed5d346..fa296a900e6 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml 
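Review bot: In the dnses.crd.yaml hunk the new `pattern` still ends in `role\/.*$`, so for every partition, including the added aws-eusc, the schema accepts an ARN with an empty role name or with arbitrary characters after `role/`. Since this value is a role the cluster assumes, a malformed ARN would only be caught when the role is assumed, not at admission. At a minimum the tail could require a non-empty name, `pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.+$`, provided that tightening is acceptable for objects already stored. The controllerconfigs manifests in the surrounding hunks carry the same pattern, and the source marker for it is outside this diff.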
@@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml index a8e3fcd21d6..680802b2d80 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml index 678e5a4202f..f2b0e5379f6 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml 
@@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml index 52f75fc841f..746a1998933 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml @@ -128,7 +128,7 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role\/.*$ type: string type: object type: